<div dir="ltr">Hi.<div><br></div><div>Briefly, my goal is to digitally sign a document using the API of the Cloud Signature Consortium for the remote part and openssl for the local part.<br></div><div><br></div><div>First of alI I tried signing only locally, providing hard-coded certificate and private key.<br>It works like a charm.<br>Here, the snippet I used for the purpose.<br></div><div>```</div><div><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span style="color:rgb(252,95,163)"><b>static</b></span> <span style="color:rgb(252,95,163)"><b>void</b></span> <span style="color:rgb(65,161,192)">sign_with_signer</span>( <span style="color:rgb(158,241,221)">CustomSigner</span> &signer, <span style="color:rgb(158,241,221)">X509</span> *cert, <span style="color:rgb(158,241,221)">EVP_PKEY</span> *pkey )</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)">{</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"><span style="color:rgba(255,255,255,0.85)"> </span><font color="#fc5fa3"><span style="caret-color: rgb(252, 95, 163);"><b>[...]</b></span></font></span></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><br></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(252,95,163)"><b>int</b></span> rc;</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(158,241,221)">BIO</span> *mem = <span style="color:rgb(103,183,164)">BIO_new</span>( <span style="color:rgb(103,183,164)">BIO_s_mem</span>() );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(252,95,163)"><b>if</b></span>( !mem )</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>{</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><b style="color:rgb(252,95,163)">[...]</b></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>}</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><br></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(253,143,63);background-color:rgb(31,31,36)"><span style="color:rgba(255,255,255,0.85)"><span class="gmail-Apple-converted-space"> </span></span><span style="color:rgb(252,95,163)"><b>unsigned</b></span><span style="color:rgba(255,255,255,0.85)"> </span><span style="color:rgb(252,95,163)"><b>int</b></span><span style="color:rgba(255,255,255,0.85)"> flags = </span>PKCS7_DETACHED<span style="color:rgba(255,255,255,0.85)"> | </span>PKCS7_BINARY<span style="color:rgba(255,255,255,0.85)">;</span></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(158,241,221)">PKCS7</span> *pkcs7 = <span style="color:rgb(103,183,164)">PKCS7_sign</span>( cert, pkey, <span style="color:rgb(252,95,163)"><b>NULL</b></span>, mem, flags );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(252,95,163)"><b>if</b></span>( !pkcs7 )</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>{</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(103,183,164)">BIO_free</span>( mem );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><b style="color:rgb(252,95,163)">[...]</b></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>}</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><br></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(252,95,163)"><b>while</b></span>( len = signer.<span style="color:rgb(103,183,164)">ReadForSignature</span>( pBuffer, uBufferLen ), len > <span style="color:rgb(208,191,105)">0</span> )</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>{</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>rc = <span style="color:rgb(103,183,164)">BIO_write</span>( mem, pBuffer, len );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(252,95,163)"><b>if</b></span>( <span style="color:rgb(252,95,163)"><b>static_cast</b></span><<span style="color:rgb(252,95,163)"><b>unsigned</b></span> <span style="color:rgb(252,95,163)"><b>int</b></span>>( rc ) != len )</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>{</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(103,183,164)">PKCS7_free</span>( pkcs7 );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(103,183,164)">BIO_free</span>( mem );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><b style="color:rgb(252,95,163)">[...]</b></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>}</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>}</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><b style="color:rgb(252,95,163)"> </b></p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><b style="color:rgb(252,95,163)"> [...]</b><br></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><br></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(252,95,163)"><b>if</b></span>( <span style="color:rgb(103,183,164)">PKCS7_final</span>( pkcs7, mem, flags ) <= <span style="color:rgb(208,191,105)">0</span> )</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>{</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(103,183,164)">PKCS7_free</span>( pkcs7 );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(103,183,164)">BIO_free</span>( mem );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(103,183,164);background-color:rgb(31,31,36)"><span style="color:rgba(255,255,255,0.85)"><span class="gmail-Apple-converted-space"> </span></span><b style="color:rgb(252,95,163)">[...]</b></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>}</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><br></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(252,95,163)"><b>bool</b></span> success = <span style="color:rgb(252,95,163)"><b>false</b></span>;</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(158,241,221)">BIO</span> *out = <span style="color:rgb(103,183,164)">BIO_new</span>( <span style="color:rgb(103,183,164)">BIO_s_mem</span>() );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(252,95,163)"><b>if</b></span>( !out )</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>{</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(103,183,164)">PKCS7_free</span>( pkcs7 );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(103,183,164)">BIO_free</span>( mem );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(103,183,164);background-color:rgb(31,31,36)"><span style="color:rgba(255,255,255,0.85)"><span class="gmail-Apple-converted-space"> </span></span><b style="color:rgb(252,95,163)">[...]</b></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>}</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><br></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(252,95,163)"><b>char</b></span> *outBuff = <span style="color:rgb(252,95,163)"><b>NULL</b></span>;</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(252,95,163)"><b>long</b></span> outLen;</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><br></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(103,183,164)">i2d_PKCS7_bio</span>( out, pkcs7 );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><br></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>outLen = <span style="color:rgb(253,143,63)">BIO_get_mem_data</span>( out, &outBuff );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><br></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(252,95,163)"><b>if</b></span>( outLen > <span style="color:rgb(208,191,105)">0</span> && outBuff )</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>{</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(252,95,163)"><b>if</b></span>( <span style="color:rgb(252,95,163)"><b>static_cast</b></span><<span style="color:rgb(208,168,255)">size_t</span>>( outLen ) > signer.<span style="color:rgb(103,183,164)">GetSignatureSize</span>() )</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>{</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(103,183,164)">PKCS7_free</span>( pkcs7 );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(103,183,164)">BIO_free</span>( out );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(103,183,164)">BIO_free</span>( mem );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><br></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><b style="color:rgb(252,95,163)">[...]</b></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>}</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><br></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(158,241,221)">Signature</span> signature( outBuff, outLen );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>signer.<span style="color:rgb(103,183,164)">SetSignature</span>( signature );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>success = <span style="color:rgb(252,95,163)"><b>true</b></span>;</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>}</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><br></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(103,183,164)">PKCS7_free</span>( pkcs7 );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(103,183,164)">BIO_free</span>( out );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(103,183,164)">BIO_free</span>( mem );</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><br></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(252,95,163)"><b>if</b></span>( !success )</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(252,106,93);background-color:rgb(31,31,36)"><span style="color:rgba(255,255,255,0.85)"><span class="gmail-Apple-converted-space"> </span></span><b style="color:rgb(252,95,163)">[...]</b></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)">}</p></div><div>```</div><div>Now using the CSC `credentials/info` API I have:</div><div><br></div><div>```</div><div><div class="gmail-page" title="Page 48" style="color:rgb(0,0,0)"><div class="gmail-section" style="background-color:rgb(238,255,204)"><div class="gmail-layoutArea"><div class="gmail-column"><p><span style="font-size:10pt;font-family:Consolas;color:rgb(89,89,89)">"cert":</span></p><pre><span style="font-size:10pt;font-family:Consolas;color:rgb(89,89,89)"> {
"status": "valid",
"certificates":
[
</span></pre><p><span style="font-size:10pt;font-family:Consolas;color:rgb(89,89,89)">"<Base64-encoded_X.509_end_entity_certificate>", </span></p><p><span style="font-size:10pt;font-family:Consolas;color:rgb(89,89,89)">"<Base64-encoded_X.509_intermediate_CA_certificate>", </span></p><p><span style="font-size:10pt;font-family:Consolas;color:rgb(89,89,89)">"<Base64-encoded_X.509_root_CA_certificate>"</span></p><p><span style="font-size:10pt;font-family:Consolas;color:rgb(89,89,89)">],<br>"issuerDN": "<X.500_issuer_DN_printable_string>", "serialNumber": "5AAC41CD8FA22B953640", "subjectDN": "<X.500_subject_DN_printable_string>", "validFrom": "20180101100000Z",<br>"validTo": "20190101095959Z"</span></p><pre><span style="font-size:10pt;font-family:Consolas;color:rgb(89,89,89)"> },
</span></pre></div></div></div></div></div><div>```</div><div>So I have to build the X509 which I need to sign the document.<br></div><div>I guess using something like that:</div><div><br></div><div>```</div><div><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span style="color:rgb(252,95,163)"><b>bool</b></span> <span style="color:rgb(158,241,221)">pdf</span>::<span style="color:rgb(158,241,221)">CryptoModule</span>::<span style="color:rgb(65,161,192)">make_certificate</span>(<span style="color:rgb(252,95,163)"><b>const</b></span> <span style="color:rgb(252,95,163)"><b>char</b></span> *data, <span style="color:rgb(158,241,221)">X509</span> **out_cert)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)">{</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(252,95,163)"><b>if</b></span>( !data || !*data )</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>{</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(252,95,163);background-color:rgb(31,31,36)"><span style="color:rgba(255,255,255,0.85)"><span class="gmail-Apple-converted-space"> </span></span><b>return</b><span style="color:rgba(255,255,255,0.85)"> </span><b>false</b><span style="color:rgba(255,255,255,0.85)">;</span></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>}</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><span class="gmail-Apple-converted-space"> </span></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(252,95,163)"><b>if</b></span>( !out_cert )</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>{</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(252,95,163);background-color:rgb(31,31,36)"><span style="color:rgba(255,255,255,0.85)"><span class="gmail-Apple-converted-space"> </span></span><b>return</b><span style="color:rgba(255,255,255,0.85)"> </span><b>false</b><span style="color:rgba(255,255,255,0.85)">;</span></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>}</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><span class="gmail-Apple-converted-space"> </span></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(158,241,221)">BIO</span> *bio;</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><span class="gmail-Apple-converted-space"> </span></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(103,183,164);background-color:rgb(31,31,36)"><span style="color:rgba(255,255,255,0.85)"><span class="gmail-Apple-converted-space"> </span>bio = </span>BIO_new<span style="color:rgba(255,255,255,0.85)">(</span>BIO_s_mem<span style="color:rgba(255,255,255,0.85)">());</span></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(103,183,164)">BIO_puts</span>(bio, data);</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(108,121,134);background-color:rgb(31,31,36)">//<span class="gmail-Apple-converted-space"> </span>*out_cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>*out_cert = <span style="color:rgb(103,183,164)">d2i_X509_bio</span>(bio, <span style="color:rgb(252,95,163)"><b>NULL</b></span>);</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><span class="gmail-Apple-converted-space"> </span></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(252,95,163)"><b>if</b></span>( !*out_cert )</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>{</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(252,95,163);background-color:rgb(31,31,36)"><span style="color:rgba(255,255,255,0.85)"><span class="gmail-Apple-converted-space"> </span></span><b>return</b><span style="color:rgba(255,255,255,0.85)"> </span><b>false</b><span style="color:rgba(255,255,255,0.85)">;</span></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span>}</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36);min-height:14px"><span class="gmail-Apple-converted-space"> </span></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(252,95,163);background-color:rgb(31,31,36)"><span style="color:rgba(255,255,255,0.85)"><span class="gmail-Apple-converted-space"> </span></span><b>return</b><span style="color:rgba(255,255,255,0.85)"> </span><b>true</b><span style="color:rgba(255,255,255,0.85)">;</span></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)">}</p></div><div>```</div><div>But at this point I don't have the private key!</div><div>Instead, CSC `signatures/signHash` will provide me the signature object to apply to the document.<br></div><div><br></div><div>```</div><div><div class="gmail-page" title="Page 58" style="color:rgb(0,0,0)"><div class="gmail-section" style="background-color:rgb(238,255,204)"><div class="gmail-layoutArea"><div class="gmail-column"><pre><span style="font-size:10pt;font-family:Consolas;color:rgb(89,89,89)">{
"signatures":
</span></pre><p><span style="font-size:10pt;font-family:Consolas;color:rgb(89,89,89)">[ "KedJuTob5gtvYx9qM3k3gm7kbLBwVbEQRl26S2tmXjqNND7MRGtoew==",</span></p><p><span style="font-size:10pt;font-family:Consolas;color:rgb(89,89,89)">"Idhef7xzgtvYx9qM3k3gm7kbLBwVbE98239S2tm8hUh85KKsfdowel==" ]</span></p><p><span style="font-size:10pt;font-family:Consolas;color:rgb(89,89,89)">}</span></p></div></div></div></div></div><div>```</div><div><br></div><div>Here is how things should work:</div><div><br></div><div><div class="gmail-page" title="Page 64" style="color:rgb(0,0,0)"><img src="blob:https://mail.google.com/11a885fa-6fe5-405f-aa1f-19e45ace62f7" alt="page64image25534384" width="481.949930" height="244.460660"></div></div><div><br></div><div>At this point I would like to understand what are the openSSL APIs to use for<br>- get the X509s<br>- get the raw signature of the document to be passed to the Signer who will apply it.<br></div><div><br></div><div>In my humble opinion the</div><div>```</div><div><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span style="color:rgb(158,241,221)">PKCS7</span> *<span style="color:rgb(65,161,192)">PKCS7_encrypt</span>(<span style="color:rgb(253,143,63)">STACK_OF</span>(X509) *certs, <span style="color:rgb(158,241,221)">BIO</span> *<span style="color:rgb(252,95,163)"><b>in</b></span>, <span style="color:rgb(252,95,163)"><b>const</b></span> <span style="color:rgb(158,241,221)">EVP_CIPHER</span> *cipher,</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(252,95,163)"><b>int</b></span> flags);</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(65,161,192);background-color:rgb(31,31,36)"><span style="color:rgb(252,95,163)"><b>int</b></span><span style="color:rgba(255,255,255,0.85)"> </span>PKCS7_add_attrib_content_type<span style="color:rgba(255,255,255,0.85)">(</span><span style="color:rgb(158,241,221)">PKCS7_SIGNER_INFO</span><span style="color:rgba(255,255,255,0.85)"> *si, </span><span style="color:rgb(158,241,221)">ASN1_OBJECT</span><span style="color:rgba(255,255,255,0.85)"> *coid);</span></p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(65,161,192);background-color:rgb(31,31,36)"><span style="color:rgb(252,95,163)"><b>int</b></span><span style="color:rgba(255,255,255,0.85)"> </span>PKCS7_add0_attrib_signing_time<span style="color:rgba(255,255,255,0.85)">(</span><span style="color:rgb(158,241,221)">PKCS7_SIGNER_INFO</span><span style="color:rgba(255,255,255,0.85)"> *si, </span><span style="color:rgb(158,241,221)">ASN1_TIME</span><span style="color:rgba(255,255,255,0.85)"> *t);</span></p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(65,161,192);background-color:rgb(31,31,36)"><span style="color:rgb(252,95,163)"><b>int</b></span><span style="color:rgba(255,255,255,0.85)"> </span>PKCS7_add1_attrib_digest<span style="color:rgba(255,255,255,0.85)">(</span><span style="color:rgb(158,241,221)">PKCS7_SIGNER_INFO</span><span style="color:rgba(255,255,255,0.85)"> *si,</span></p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgba(255,255,255,0.85);background-color:rgb(31,31,36)"><span class="gmail-Apple-converted-space"> </span><span style="color:rgb(252,95,163)"><b>const</b></span> <span style="color:rgb(252,95,163)"><b>unsigned</b></span> <span style="color:rgb(252,95,163)"><b>char</b></span> *md, <span style="color:rgb(252,95,163)"><b>int</b></span> mdlen);</p></div><div>```</div><div> could be what is right for me, but I'm not sure how to use it.<br></div><div><br></div><div><br></div><div><br></div><div>Thank you very much and have a nice day!<br></div><div><br></div><div><br></div><div><br></div></div>